CVE-2015-8624
Description
The User::matchEditToken function in includes/User.php in MediaWiki before 1.23.12, 1.24.x before 1.24.5, 1.25.x before 1.25.4, and 1.26.x before 1.26.1 does not perform token comparison in constant time before determining if a debugging message should be logged, which allows remote attackers to guess the edit token and bypass CSRF protection via a timing attack, a different vulnerability than CVE-2015-8623.
Predictions
Heuristic predictions, AS-IS, for prioritization only.
Mitigations
Vendor advisory: debian — https://security-tracker.debian.org/tracker/CVE-2015-8624
Vendor advisory: cve@mitre.org — https://phabricator.wikimedia.org/T119309
Vendor advisory: cve@mitre.org — https://lists.wikimedia.org/pipermail/mediawiki-announce/2015-December/000186.html
Vendor advisory: cve@mitre.org — http://www.openwall.com/lists/oss-security/2015/12/23/7
Vendor advisory: cve@mitre.org — http://www.openwall.com/lists/oss-security/2015/12/21/8
OS impact
| OS | Version | Status | Fixed in |
|---|---|---|---|
| debian | bookworm | fixed | 1:1.25.5-1 |
| debian | bullseye | fixed | 1:1.25.5-1 |
| debian | forky | fixed | 1:1.25.5-1 |
| debian | sid | fixed | 1:1.25.5-1 |
| debian | trixie | fixed | 1:1.25.5-1 |
Application impact
| Vendor | Product | Versions | Fixed |
|---|---|---|---|
| mediawiki | mediawiki | {"endIncluding":"1.23.11"} | |
| mediawiki | mediawiki | 1.24.0 | |
| mediawiki | mediawiki | 1.24.1 | |
| mediawiki | mediawiki | 1.24.2 | |
| mediawiki | mediawiki | 1.24.3 | |
| mediawiki | mediawiki | 1.24.4 | |
| mediawiki | mediawiki | 1.25.0 | |
| mediawiki | mediawiki | 1.25.1 | |
| mediawiki | mediawiki | 1.25.2 | |
| mediawiki | mediawiki | 1.25.3 | |
| mediawiki | mediawiki | 1.26.0 | |
References
CWEs
CWE-352
Verify integrity in audit chain (admin only). AS-IS.